ACTIVE DIRECTORY CONFIGURATIONS ARE A SERIOUS THREAT One of the most serious threats an organization can face is an attacker using

Active Directory configurations to identify attack paths and capture privileged

credentials so they can deeply embed themselves into target networks.

EVALUATE THE SECURITY OF YOUR ACTIVE DIRECTORYCrowdStrike® Active Directory Security Assessment is a unique offering

designed to review your Active Directory configuration and policy settings to

reveal the security configuration issues attackers can leverage. The assessment

involves review of documentation, discussions with your staff, execution of

proprietary tools and a manual review of your Active Directory configuration and

settings. You receive a detailed report of the issues discovered and their impact

along with recommended steps for mitigation and remediation.

THE ASSESSMENT PROCESS HAS THREE PRIMARY PHASES:

1. Gather data from the environment, while on-site or remotely

2. Interpret and analyze the results

3. Complete an assessment report and provide detailed recommendations

Comprehensive review of your Active Directory security components

CrowdStrike Services

ACTIVE DIRECTORY SECURITY ASSESSMENT

KEY BENEFITS

Provides a snapshot of the Active Directory security configuration at a point in time

Identifies the most common and effective attack vectors and explains how best to detect, mitigate and prevent them

Offers tailored recommendations for leveraging existing technology investments to improve your organization’s overall security posture

Customizes Active Directory security best practices to align with business processes and requirements and minimize impact

Identifies top security issues and provides guidance on the best methods to mitigate and resolve them

Delivers a plan of action that includes resolution and mitigation recommendations for the identified issues

KEY SERVICE FEATURESCrowdStrike’s Active Directory Security Assessment can be performed at any time. It can

be conducted proactively to help your organization fix issues before penetration testing;

after penetration testing to better help you understand what happened; or as part of a yearly

maintenance project to fix issues identified during infrastructure updates.

CrowdStrike Services equips organizations with the protection and expertise they need to defend against and respond to security incidents. Leveraging the cloud-delivered CrowdStrike Falcon® platform — including next-generation endpoint protection, cyber threat intelligence gathering and reporting operations, and a 24/7 proactive threat hunting team — the CrowdStrike Services team helps customers identify, track and block attackers in real time. This unique approach allows CrowdStrike to stop unauthorized access faster and prevent further breaches. CrowdStrike also offers proactive services so organizations can improve their ability to anticipate threats, prepare their networks, and ultimately stop breaches.

ABOUT CROWDSTRIKE SERVICES

CrowdStrike Services

ACTIVE DIRECTORY SECURITY ASSESSMENT

© 2020 CrowdStrike, Inc. All rights reserved.

Learn more at www.crowdstrike.com/services/

Email: services@crowdstrike.com

WHY CHOOSE CROWDSTRIKE?

Expertise: CrowdStrike’s Active Directory Security Assessment tools and process were developed by a Microsoft Certified Master in Active Directory.

Comprehensiveness: The extensive, action-focused security review delivers insight and summarizes the critical items that need work. The assessment is focused on mitigation and practical recommendations for how to stop attackers leveraging Active Directory.

Relevance: The tools and methodology are constantly assessed and refreshed to take into account new attack approaches and reflect best practice and published research.

CONFIGURATION VISIBILITY AND MANAGEMENT

Perform an Active

Directory forest and

domain trust configuration

and security review

Conduct a domain

controller management

review including operating

system versions, patching,

backup and server

lifecycle management

Identify the domain

controller auditing

configuration and review

the event central logging

system

GROUP POLICY AND PRIVILEGE CONTROLS

Review Active Directory

administration groups

(users, service accounts,

etc.)

Discover custom security

groups with privileged

access to Active

Directory

Enumerate Active

Directory organizational

unit (OU) permissions

with a focus on top-level

domain OUs

RECOMMENDATIONS AND ACTION PLANS

Highlight Active Directory

security misconfigurations

and recommend specific

remediation/mitigations

Provide recommendations

for domain controller

auditing and determine

the specific event IDs

that should be sent to the

central logging system or

security information event

management (SIEM)

Provide broad

recommendations for all

Windows system auditing

(specific event IDs) that

should be forwarded to the

central logging system or

SIEM